Findings vs. Issues
FortWatch uses two distinct concepts to organize security data: findings and issues. Understanding the difference is key to using the platform effectively.
Findings
Findings are the raw output from scanners. Every time Nuclei detects a vulnerability or Nmap discovers an open port, a finding is created. Findings are:
- Scanner output — Each finding is a single piece of evidence from a specific scan.
- Tied to a scan — Every finding belongs to the scan that produced it.
- Immutable — Findings are a historical record and cannot be edited or deleted.
- Comprehensive — Every scan result is stored as a finding, including Info-level detections.
Issues
Issues are tracked, actionable items that represent security problems you need to address. Issues are:
- Automatically created — When a finding with Critical or High severity is detected and no matching open issue exists, FortWatch creates one.
- Actionable — Issues have a lifecycle (open, in progress, resolved, dismissed) and can be assigned and tracked.
- Linked to assets — An issue can be associated with multiple assets if the same vulnerability affects several targets.
- Manageable — You can dismiss issues with a reason, resolve them, or track their progress.
How They Relate
Think of findings as evidence and issues as action items:
- A single issue may be supported by multiple findings across different scans and assets.
- Not every finding becomes an issue — Medium and Low detections are stored as findings but do not create issues (unless you create one manually).
- Resolving an issue does not delete the underlying findings. The findings remain as historical evidence.
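The promotion rule described above can be modelled in a few lines; this is an added illustration, not FortWatch code or its API. It assumes that issues are matched on a vulnerability identifier (`vuln_id`, a hypothetical field) and that any status other than resolved or dismissed counts as open; all sample data is constructed.

```python
from dataclasses import dataclass, field

PROMOTED = {"critical", "high"}      # severities that open an issue automatically
CLOSED = {"resolved", "dismissed"}   # assumption: every other status counts as open

@dataclass(frozen=True)              # frozen: a finding is an immutable record
class Finding:
    scan_id: str
    asset: str
    vuln_id: str                     # assumption: the key used to match issues
    severity: str

@dataclass
class Issue:
    vuln_id: str
    status: str = "open"
    assets: set = field(default_factory=set)
    evidence: list = field(default_factory=list)

def triage(findings, issues=None):
    """Store every finding; open or extend issues for Critical/High ones."""
    stored, issues = [], list(issues or [])
    for f in findings:
        stored.append(f)             # every scan result is kept, Info included
        if f.severity.lower() not in PROMOTED:
            continue                 # Medium, Low and Info stay findings only
        match = next((i for i in issues
                      if i.vuln_id == f.vuln_id and i.status not in CLOSED), None)
        if match is None:            # no matching open issue: create one
            match = Issue(f.vuln_id)
            issues.append(match)
        match.assets.add(f.asset)    # one issue can span several assets
        match.evidence.append(f)     # and be supported by several findings
    return stored, issues

# Constructed sample data (not real scanner output)
SAMPLE = [
    Finding("scan-1", "app.example.test", "VULN-A", "Critical"),
    Finding("scan-1", "api.example.test", "VULN-A", "Critical"),
    Finding("scan-1", "app.example.test", "VULN-B", "Medium"),
    Finding("scan-1", "app.example.test", "TECH-DETECT", "Info"),
    Finding("scan-2", "app.example.test", "VULN-A", "Critical"),
]

if __name__ == "__main__":
    stored, issues = triage(SAMPLE)
    for i in issues:
        print(i.vuln_id, i.status, sorted(i.assets), len(i.evidence))
```

Under these assumptions, a Critical or High finding that reappears after its issue was resolved opens a new issue, while the resolved issue keeps its original findings as evidence.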
Info Severity
Findings with Info severity are hidden by default in the FortWatch interface. These are purely informational detections (e.g., detected technologies, server headers) that do not represent a security risk. You can view them by explicitly enabling the Info filter.